Hi-Tech-Consulting

Gun Bills Pass House Despite Antics, Argument for Safety at Workplace
Evansville Courier & Press (IN) (01/27/10) Coffin, Katie

The Indiana House officially passed a bill on Jan. 25 that would prevent employers from telling workers that they cannot bring their guns to work, provided they are left in the employees’ locked cars. The bill would also prevent law enforcement from confiscating guns in an emergency, such as what happened in New Orleans during Hurricane Katrina. A similar bill already passed the Indiana Senate several days earlier. A second firearm bill, designed to keep the identities of those who apply for gun permits confidential, also passed the House.

New York Times (01/17/10) Lohr, Steve

The growing sophistication of cyberattackers and the susceptibility of even the best defensive measures is highlighted by the recent attacks against Google from within China, according to security experts. Despite the billions of dollars that government agencies and corporations are spending each year on specialized anti-malware programs, malicious hackers appear to have the edge. A recent Computer Security Institute (CSI) survey of nearly 450 companies and government agencies found that 64 percent reported malware infiltration, versus 50 percent the previous year. CSI director Robert Richardson says that malware is an ever-growing threat, and notes that “now the game is much more about getting a foothold in the network, for spying.” Security experts cite employee awareness and training as a critical defense measure, as many malware infections stem from old-fashioned scams such as phishing schemes. “Fighting computer crime is a balance of technology and behavioral science, understanding the human dimension of the threat,” says former FBI agent Edward M. Stroz. Although sharing information and knowledge with customers online is viewed as essential to achieving greater flexibility and efficiency, it raises the threat of outside incursions. Some experts say the long-term solution to the threat of malevolent hackers is to steer the software industry on a path toward maturation, with standards, defined responsibilities, and accountability for security lapses directed by forceful self-regulation or by the government.

Other Firms Acknowledge Being Target of Attacks
Wall Street Journal (01/15/10) Worthen, Ben

The Sunnyvale, Calif.-based networking equipment maker Juniper Networks announced Thursday that it was targeted in the same cyberattacks that recently struck Google. Juniper refused to say whether the attack was successful. An investigation into the incident is ongoing, the company said. Meanwhile, there are indications that several other companies may have also been struck by the attacks that affected Google and Juniper. On Thursday, a spokesman for Dow Chemical said that his company had been contacted by federal officials about cyberattacks, though he refused to say whether his company had actually been attacked and if so, whether the attack was related to the same incident that took place at Google. In addition, the Los Angeles law firm Gipson Hoffman & Pancione, which is representing Cybersitter in its litigation with the Chinese government, also said that it had been affected by cyberattacks that originated in China. However, it remains unclear whether the attack on the law firm was related to the attack on Google.

Chinese Spy Agency Behind Google Cyber Attack, Report Claims
InformationWeek (01/14/10) Claburn, Thomas

The computer security company iDefense released a report on Tuesday that said that the cyberattack that was launched against Google and 33 other companies in December was the work of Chinese intelligence agencies or their proxies. To support its claim, iDefense cited two independent, anonymous sources in the defense contracting and intelligence community who said that the source IPs and the drop server used in the attack “correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof.” In addition, the report said that the attack on Google–which resulted in the theft of intellectual property–and the other companies was similar to attacks that took place at roughly 100 IT companies last July. In those attacks, cybercriminals sent a malicious PDF file as an e-mail attachment to take advantage of a vulnerability in Adobe Reader. The report noted that the attacks that took place in July and those that took place in December may have been just one attack, which means that the companies that were targeted may have been compromised for several months. Chris Wysopal, the chief technology officer at Veracode, said the attack highlights the need to scrutinize and manage software on a user system in much the same way that a machine connected to the Internet is.

Disgruntled Plant Worker Kills 3, Injures 5 in St. Louis
Associated Press (01/08/10) Salter, Jim

An employee at an ABB Group factory in St. Louis opened fire on his coworkers at the facility on Jan. 7, killing three people and injuring five more before killing himself. The shooter, 51-year-old Timothy Hendron, was reportedly involved in a pension dispute with the company, but it is unknown if that dispute motivated the shooting. According to police officials, the shooting began at 6:30 am at the plant, where the Swiss-owned ABB makes electrical transformers. In 2006, Hendron and other workers sued ABB for retirement losses due to “unreasonable and excessive” undisclosed fees for their 401(k). The trial for the lawsuit began in Kansas City several days prior to the shooting. The plant where the shooting occurred employs approximately 270 people. The shooter was found inside the plant with an assault rifle, a handgun, and a shotgun. Two of the three dead where found in the parking lot outside the plant, and one victim was found inside.